
Java Security

Problem creating certificates and keystores with Bouncy Castle

843811 Jan 26 2010 — edited Feb 4 2010
Hi,

I will try to summarize the question to explain myself as well as possible: In my app, I have to create my own CA to create my own user certificates. I used Bouncy Castle to create both of them. The problem is that I think I don't understand the creation of the CA keystore very well. When I try to save the user PFX keystore I get a NullPointerException:
java.lang.NullPointerException
	at org.bouncycastle.jce.provider.JDKPKCS12KeyStore.engineSetKeyEntry(Unknown Source)
	at java.security.KeyStore.setKeyEntry(KeyStore.java:848)
	at myapp.UserCertificatesUtil.createCertificate(UserCertificatesUtil.java:117)
	at myapp.BCTest.createUserCertificate(BCTest.java:28)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:585)
	at org.junit.internal.runners.TestMethodRunner.executeMethodBody(TestMethodRunner.java:99)
	at org.junit.internal.runners.TestMethodRunner.runUnprotected(TestMethodRunner.java:81)
	at org.junit.internal.runners.BeforeAndAfterRunner.runProtected(BeforeAndAfterRunner.java:34)
	at org.junit.internal.runners.TestMethodRunner.runMethod(TestMethodRunner.java:75)
	at org.junit.internal.runners.TestMethodRunner.run(TestMethodRunner.java:45)
	at org.junit.internal.runners.TestClassMethodsRunner.invokeTestMethod(TestClassMethodsRunner.java:71)
	at org.junit.internal.runners.TestClassMethodsRunner.run(TestClassMethodsRunner.java:35)
	at org.junit.internal.runners.TestClassRunner$1.runUnprotected(TestClassRunner.java:42)
	at org.junit.internal.runners.BeforeAndAfterRunner.runProtected(BeforeAndAfterRunner.java:34)
	at org.junit.internal.runners.TestClassRunner.run(TestClassRunner.java:52)
	at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:46)
	at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)
	at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:467)
	at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:683)
	at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:390)
	at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:197)
This exception occurs when I try to save the user keystore. When I used the debugger, I realized that the certificate I load from the CA keystore has a null value in its getEncoded(), and this is where I think the problem is. The code I have to load the CA keystore is the following:

    KeyStore keystoreCA = KeyStore.getInstance(messages.getString("typeCA"), "BC");
    keystoreCA.load(
        new FileInputStream(messages.getString("keyStorePathCA") + messages.getString("pfxFileCA")),
        messages.getString("passwordCA").toCharArray());
    caPrivKey = (PrivateKey)(keystoreCA.getKey("CApriv", null));
    caCer = (X509Certificate)(keystoreCA.getCertificate("CApriv"));
    caPubKey = caCer.getPublicKey();

And when I save the PFX of the CA, the code is the following:

    Certificate[] caCadPfx = new Certificate[2];
    caCadPfx[1] = caCer;
    caCadPfx[0] = caCer;
    KeyStore caStore = KeyStore.getInstance(messages.getString("tipoCA"), "BC");
    caStore.load(null, null);
    caStore.setCertificateEntry("CA", caCer);
    caStore.setKeyEntry("CApriv", caPrivKey, null, caCadPfx);
    FileOutputStream caPfxOut = new FileOutputStream(messages.getString("keyStorePathCA") + messages.getString("pfxFileCA"));
    caStore.store(caPfxOut, messages.getString("passwordCA").toCharArray());

Then I realized that the exception doesn't occur if, when I load the certificate of the CA, I load CApriv instead of CA, but I don't know why.

Also, the code to save the PFX of the user keystore is the following:

    Certificate[] userCadPfx = new Certificate[2];
    userCadPfx[1] = caCer;
    userCadPfx[0] = cerData.getCertificate();
    KeyStore userStore = KeyStore.getInstance(messages.getString("certificateType"), "BC");
    userStore.load(null, null);
    userStore.setKeyEntry(nombre, cerData.getPrivateKey(), null, userCadPfx);
    FileOutputStream userPfxOut = new FileOutputStream(messages.getString("keyStorePath") + numeroDocumento + ".pfx");
    userStore.store(userPfxOut, storePassword.toCharArray());

Thanks
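
A minimal round trip for the flow described in the post above (CA certificate, user certificate signed by it, PKCS12 store with a leaf-first chain), added here as an example and not the poster's code. It assumes the current Bouncy Castle bcprov and bcpkix jars and a PKCS12 store type; the class name, subject names, alias and password are constructed. Each chain certificate is checked before setKeyEntry so an unusable certificate fails with a clear message rather than inside the provider.

```java
import java.io.*;
import java.math.BigInteger;
import java.security.*;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Date;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

public class Pkcs12RoundTrip {   // hypothetical class name
    // Issue a certificate for subjectKey signed by issuerKey (self-signed when both names match).
    static X509Certificate issue(String issuer, PrivateKey issuerKey, String subject,
                                 PublicKey subjectKey, boolean isCa) throws Exception {
        Date from = new Date(), to = new Date(from.getTime() + 365L * 24 * 3600 * 1000);
        JcaX509v3CertificateBuilder b = new JcaX509v3CertificateBuilder(new X500Name(issuer),
                new BigInteger(64, new SecureRandom()), from, to, new X500Name(subject), subjectKey);
        b.addExtension(Extension.basicConstraints, true, new BasicConstraints(isCa));
        return new JcaX509CertificateConverter().getCertificate(
                b.build(new JcaContentSignerBuilder("SHA256withRSA").build(issuerKey)));
    }

    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair ca = kpg.generateKeyPair(), user = kpg.generateKeyPair();
        X509Certificate caCer = issue("CN=Test CA", ca.getPrivate(), "CN=Test CA", ca.getPublic(), true);
        X509Certificate userCer = issue("CN=Test CA", ca.getPrivate(), "CN=Test User", user.getPublic(), false);
        Certificate[] chain = { userCer, caCer };   // leaf first, issuer last
        for (Certificate c : chain)                 // fail early, before setKeyEntry
            if (c == null || c.getEncoded() == null) throw new IllegalStateException("unusable certificate in chain");
        userCer.verify(caCer.getPublicKey());       // leaf must be signed by the CA key
        char[] pw = "changeit".toCharArray();       // constructed sample password
        KeyStore out = KeyStore.getInstance("PKCS12", "BC");
        out.load(null, null);
        out.setKeyEntry("user", user.getPrivate(), null, chain);
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        out.store(buf, pw);
        KeyStore in = KeyStore.getInstance("PKCS12", "BC");   // reload what was just written
        in.load(new ByteArrayInputStream(buf.toByteArray()), pw);
        X509Certificate back = (X509Certificate) in.getCertificate("user");
        back.verify(caCer.getPublicKey());          // reloaded leaf still chains to the CA
        System.out.println("reloaded " + back.getSubjectX500Principal());
    }
}
```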
Locked on Mar 4 2010
Added on Jan 26 2010